diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2005-01-12 00:16:25 +0000 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2005-01-12 00:16:25 +0000 |
| commit | 0ecca7a49f8e254c12a3a1de048d738bfbb614c6 (patch) | |
| tree | 816c7073739d918ca579171204e6d3caf9977da5 /libavcodec/h264.c | |
| parent | f14d4e7e21c48967c1a877fa9c4eb9943d2c30f5 (diff) | |
| download | ffmpeg-0ecca7a49f8e254c12a3a1de048d738bfbb614c6.tar.gz | |
various security fixes and precautionary checks
Originally committed as revision 3822 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavcodec/h264.c')
| -rw-r--r-- | libavcodec/h264.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 5267b25f2f..22106a9090 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -5862,6 +5862,10 @@ static inline int decode_seq_parameter_set(H264Context *h){ sps->gaps_in_frame_num_allowed_flag= get_bits1(&s->gb); sps->mb_width= get_ue_golomb(&s->gb) + 1; sps->mb_height= get_ue_golomb(&s->gb) + 1; + if((unsigned)sps->mb_width >= INT_MAX/16 || (unsigned)sps->mb_height >= INT_MAX/16 || + avcodec_check_dimensions(NULL, 16*sps->mb_width, 16*sps->mb_height)) + return -1; + sps->frame_mbs_only_flag= get_bits1(&s->gb); if(!sps->frame_mbs_only_flag) sps->mb_aff= get_bits1(&s->gb); |